Securing Your Wireless Network

According to an Accenture survey quoted by Robert McMillan in an article for NetworkWorld 12% of U.S. and U.K. consumers 'borrow' free Wi-Fi access. This free wireless access is provided by personal unprotected networks. For those of us with wireless networks in our homes this is a scary thought. Never fear, there is a solution to the problem, encryption. Encryption means encoding the message much like most of us did in middle school. Devising a scheme where A = M, B = N, C = O, etc. This is a very simple type of encryption, but nonetheless we've been encrypting data for a while.  
We can also encrypt our wireless networks. Encryption is important, because without it hackers could log on to our open wireless access point and use programs called sniffers to sniff the network traffic and pick up things like the password to your online banking account or your PayPal password. Another thing that hackers can do is use the internet illegally through your network connection, such as upload/download copyright protected files or explicit material. How fun would that be if the police came knocking on your door one day saying that they traced an illegal host for the newest blockbuster movie to your address? That wouldn't be a very fun day.  
We can, however, encrypt our network traffic by not broadcasting your SSID, utilizing MAC address filtering, and using WEP or WPA encryption. You should consult the manual to your wireless router to see these security settings and how to change them.
SSID stands for Service Set Identifier, which is essentially the name of your access point. Broadcasting your SSID is known as SSID beaconing. If you turn this feature off users are required to provide the name of the network before they are allowed to connect. This will deter most users from trying to get on your network but as long as the person wants to sit and try to figure out your access point's name they will be able to and if you've never changed the name from the default of "NETGEAR", "LINKSYS", or whatever the default name of your router is it probably won't be that hard to guess. Also, your information is still roaming around the air waves in plain text (plain text means unencrypted data) and could be retrieved by sniffers.
Another way to keep unwanted users off your network is to limit the MAC addresses that are allowed on your network. Every Ethernet network interface card (NIC) has a MAC address that is specific to that card. Every manufacture of network cards is assigned a "half" MAC address and the company generates the other half, so by looking at the MAC address of a network card you could tell the manufacturer of it. You can tell your wireless router which MAC addresses are allowed on the network and all others will be rejected. This method is a pain for some users because if someone comes to your house with a laptop and wants to get on your network, then you would have to change your router settings to let their MAC address on, which would involve getting their MAC address and typing in to your allow list. Then after they leave you might want to remove their address from your list. This method like the first will deter most unwanted users from breaking in but a simple MAC address spoof would get them in and your data is still plain text.
To get your network traffic encrypted you are going to want to use WEP or WPA encryption. If you Google WEP vs. WPA you will find some really good articles debating which one is more secure but I'll let you figure that out for yourself, I'll just tell you how each works. WEP encrypts your network traffic by getting a password from the user and then if that password is correct the user's machine and the router start to "Shake Hands." There are two flavors of WEP 64-bit and 128-bit encryption keys. To understand what I'm going to say next, you need to know that network traffic is sent in packets or small packages that allow for management of the network. These packets allow the network to speed up and "multi-task" so that instead of finishing my total request for a 300Mb file and then transferring your request, the packets are interlaced so that it seems that both of us can be doing something at the same time. With that said on a WEP encrypted network each WEP packet sent is encrypted with a RC4 cipher which is generated from a separate encryption key. This encryption key is made up from two parts; the first part is 24 bits and is known as the initialization vector (IV). After the IV either 40 or 104 bits are added to the key to make up the 64-bit or 128-bit encryption key. The IV is transmitted in plain text so that anyone sniffing your network traffic can see the first 24 bits of your key every time packets are sent across the network. I would suggest reading the article at wi-fiplanet to find ways to make the most of WEP.
With WEP your data is encrypted but it doesn't take much for a strong willed sniffer to get past that. WPA encryption, however, uses the temporal key integrity protocol (TKIP) to scramble the keys using a hashing algorithm. TKIP also includes a tamper-proof mechanism to check that the keys haven’t been changed or messed with to ensure the integrity of the keys. WPA also includes user authentication through the extensible authentication protocol (EAP). EAP utilizes a type of MAC address filtering like we discussed above and is built on a public key encryption system. WPA was created to address some of WEPs failures, but it is only an interim solution. IEEE (Institute of Electrical and Electronics Engineers) is currently defining a standard that will be called 802.11i to replace both WEP and WPA.
Make sure that you’ve got your wireless network secured by disabling your access point from SSID beaconing, utilizing MAC address filtering and implementing some encryption system either WEP or WPA. Also keep a lookout for 802.11i when it gets finalized by the IEEE to take place of WPA. By securing your network traffic you greatly decrease your chances of identity theft or other severe problems.

http://www.networkworld.com/news/2008/041608-survey-12-percent-of-consumers.html
http://www.wi-fiplanet.com/tutorials/article.php/2106281
http://www.webopedia.com/TERM/W/WPA.html